/**
 * 
 * 
 *  
 *====================================================
 * 文件名称: LoginFilter.java
 * 修订记录：
 * No    日期				作者(操作:具体内容)
 * 1.    Mar 3, 2009		(创建:创建文件)
 * 2.    Mar 3, 2009        根据 注释 规范进行调整
 *====================================================
 * 类描述：
 * 
 */
package com.devframe.web.filter;

import java.io.IOException;
import java.util.Date;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

import com.devframe.sys.Constants;
import com.devframe.web.util.user.UserInfo;
import com.devframe.web.util.user.UserInfoHolder;


/**
 * 
 *<pre><b><font color="blue">LoginFilter</font></b></pre>
 *
 *<pre><b>&nbsp;--登录过滤器--</b></pre>
 * <pre>采用DIDS登录时，无需配置该过滤器。</pre>
 * <pre>
 * <b>--样例--</b>
 *   LoginFilter obj = new LoginFilter();
 *   obj.method();
 * </pre>
 * JDK版本：JDK1.4
 * @author  <b></b>
 */
public class LoginFilter extends HttpServlet implements Filter {

	/**
     * serialVersionUID
     */
    private static final long serialVersionUID = 6239749283264911778L;


    /**
	 * logger
	 */
	static Logger logger = Logger.getLogger(LoginFilter.class);
	
	/**
	 * 上次校验日期
	 */
	private Date lastCheckDate;
	/**
	 * 无需过滤的url数组
	 */
	private String[] noFilterUrls;

	/**
	 * init
	 * 验证许可证，读取过滤器参数
	 * @param filterConfig
	 *            FilterConfig
	 * @throws ServletException
	 *             ServletException
	 */
	public void init(FilterConfig filterConfig) throws ServletException {
		String noFilter=filterConfig.getInitParameter("noFilter");
		if(noFilter!=null){
			noFilterUrls=noFilter.split(",");
			for(int i=0;i<noFilterUrls.length;i++){
				//noFilterUrls[i]=noFilterUrls[i].toUpperCase();
				noFilterUrls[i]=noFilterUrls[i];
			}
		}
	}
	/**
	 * 判断是否不过滤
	 * @param url 访问的url
	 * @author:
	 * @return 是否属于无需过滤的URL
	 */
	private boolean isNofilter(String url){
		//url=url.toUpperCase();
		if(noFilterUrls!=null){
			for(int i=0;i<noFilterUrls.length;i++){
				if(url.endsWith(noFilterUrls[i])) {
					return true;
				}
			}
		}
		return false;
	}

	/**
	 * 过滤功能实现
	 * 
	 * @param request
	 *            ServletRequest
	 * @param response
	 *            ServletResponse
	 * @param filterChain
	 *            FilterChain
	 * @throws IOException
	 *             IOException
	 * @throws ServletException
	 *             ServletException
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
		throws IOException, ServletException {
		HttpServletResponse httpResponse = null;
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		String uri = httpRequest.getRequestURI();
		
		if(StringUtils.isNotBlank(uri)){
			uri=uri.substring(1);
		}
		if(StringUtils.isNotBlank(uri)&& uri.toLowerCase().contains("api")){
			filterChain.doFilter(request, response);
		}else{
			httpResponse = (HttpServletResponse) response;
			
			UserInfo user = (UserInfo) httpRequest.getSession().getAttribute(Constants.USERINFO);
			//将用户信息存入线程变量，方便程序使用。
	        UserInfoHolder.setUserInfo(user);

			// 获得请求的uri，判断用户是否正在登陆，如果已经登陆，需要进行验证
			//判断是否属于不过滤的范围
			if(isNofilter(uri)){
				logger.info("无须登录url:"+uri);
				filterChain.doFilter(request, response);
			} else{
				// 如果用户为空，转向登录页面
				if (user == null) {
					logger.info("用户未登陆，转向登录页面。请求url:"+uri);
					HttpServletRequest re = (HttpServletRequest) request;
					((HttpServletResponse) response).sendRedirect(re.getContextPath() +"/login.jsp");
					return;
				} else {
					filterChain.doFilter(request, response);
				}
			}			
		}

	}
	/**
	 * destroy
	 */
	public void destroy() {
	    
	}

}
